| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | "Gevik Babakhani" <gevik(at)xs4all(dot)nl> |
| Subject: | Re: About pg_hba.conf |
| Date: | 2006-04-06 14:51:24 |
| Message-ID: | 200604061051.24324.xzilla@users.sourceforge.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thursday 06 April 2006 09:45, Gevik Babakhani wrote:
> Hello Folks,
>
> This may be a dumb question but please bear a moment with me.
> About the TODO item %Allow pg_hba.conf settings to be controlled via
> SQL: If in the future we could configure the settings by SQL commands,
> assuming the settings are saved in an internal table, what would be the
> need for a pg_hba.conf file anymore. (except for the backward
> compatibility of cource)
>
I've generally been keeping the idea around as a foot-gun saver for when
people lock themselves out of the database via the sql commands; this could
give them a fall back mechanism to do authentication without something more
drastic.
I think some people might also prefer the pg_hba.conf method as more secure,
since it requires local access to modify, making remote exploits a wee bit
harder (admin tools that provide this functionality not-withstanding)
--
Robert Treat
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gevik Babakhani | 2006-04-06 15:01:31 | Re: About pg_hba.conf |
| Previous Message | Andrew Dunstan | 2006-04-06 14:41:15 | Re: Support Parallel Query Execution in Executor |